Countering Browser Fingerprinting Techniques: Constructing a Fake Profile with Google Chrome

While Web browsers are fundamental components in the Internet nowadays, the widespread availability of several techniques that can be used to detect the individual browser connected to a server raises privacy issues that need to be adequately addressed. Browser fingerprinting uses a combination of attributes, whose values are silently obtained during normal navigation, to identify, with high likelihood, a browser and, consequently, who is controlling such browser. Although providing contrived or random values for specific single attributes or attribute sets can be at least partly successful in interfering with the operation of fingerprinting, such approach may also have adverse effects. The objective of this work is to suggest an alternative: supplying coherent data designed in such a way as to mimick as closely as possible a different browser. A proof-of-concept implementation as an extension for the Chrome browser is presented and discussed.

[1]  Giuseppe Cattaneo,et al.  The Forensic Analysis of a False Digital Alibi , 2012, 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[2]  Wouter Joosen,et al.  PriVaricator: Deceiving Fingerprinters with Little White Lies , 2015, WWW.

[3]  Giuseppe Cattaneo,et al.  Automated Construction of a False Digital Alibi , 2011, ARES.

[4]  Antonio Colella,et al.  Digital Profiling: A Computer Forensics Approach , 2011, ARES.

[5]  John C. Mitchell,et al.  Third-Party Web Tracking: Policy and Technology , 2012, 2012 IEEE Symposium on Security and Privacy.

[6]  Balachander Krishnamurthy,et al.  Generating a privacy footprint on the internet , 2006, IMC '06.

[7]  Chris Jay Hoofnagle,et al.  Flash Cookies and Privacy , 2009, AAAI Spring Symposium: Intelligent Information Privacy Management.

[8]  David Wetherall,et al.  Detecting and Defending Against Third-Party Tracking on the Web , 2012, NSDI.

[9]  P. Watzlawick,et al.  Pragmatics of human communication , 1975 .

[10]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[11]  Wouter Joosen,et al.  Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting , 2013, 2013 IEEE Symposium on Security and Privacy.

[12]  E. Weippl,et al.  Fast and Reliable Browser Identification with JavaScript Engine Fingerprinting , 2013 .

[13]  Frank Piessens,et al.  FPDetective: dusting the web for fingerprinters , 2013, CCS.

[14]  Aniello Castiglione,et al.  Network Profiling: Content Analysis of Users Behavior in Digital Communication Channel , 2012, CD-ARES.

[15]  Juan E. Tapiador,et al.  Online Randomization Strategies to Obfuscate User Behavioral Patterns , 2012, Journal of Network and Systems Management.

[16]  Giuseppe Cattaneo,et al.  How to Forge a Digital Alibi on Mac OS X , 2012, CD-ARES.

[17]  Giuseppe Cattaneo,et al.  On the Construction of a False Digital Alibi on the Android OS , 2011, 2011 Third International Conference on Intelligent Networking and Collaborative Systems.

[18]  Alfredo De Santis,et al.  Device Tracking in Private Networks via NAPT Log Analysis , 2012, 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.